CMMC 2.0 • LEVEL 2 • AUDIT & ACCOUNTABILITY

AU.L2-3.3.8Protection of Audit Information

Protect audit information and audit logging tools from unauthorized access, modification, and deletion. Authorize access to management of audit logging functionality to only a subset of privileged users or roles.

NIST 800-171 Mapping

NIST 800-53 Controls

AU-11

Assessment Objectives

  • access to management of audit logging functionality is authorized to only a subset of privileged users or roles.
  • audit information is protected from unauthorized access, modification, and deletion.
  • audit logging tools are protected from unauthorized access, modification, and deletion.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

AU.L2-3.3.1 Event Logging AU.L2-3.3.2 Audit Record Content AU.L2-3.3.3 Audit Record Generation AU.L2-3.3.4 Response to Audit Logging Process Failures